
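% Terra, SOSP 2003. Retyped from misc to inproceedings: the venue was recorded
% only in the free-text "text" field, which no style prints, so it is now also
% given as booktitle. Author names are stored in "Last, F." form instead of
% hard-coded capitals. The "text" field is kept (styles ignore it) with its
% unbalanced parenthesis closed.
% NOTE(review): the url has no scheme and is kept as recorded; confirm the
% full address before relying on it as a hyperlink.
@inproceedings{garfinkel03terra,
  author    = {Garfinkel, T. and Pfaff, B. and Chow, J. and Rosenblum, M. and Boneh, D.},
  title     = {Terra: A virtual machine-based platform for trusted computing},
  booktitle = {Proceedings of the 19th {ACM} Symposium on Operating Systems Principles ({SOSP} 2003)},
  year      = {2003},
  url       = {citeseer.ist.psu.edu/article/garfinkel03terra.html},
  text      = {GARFINKEL, T., PFAFF, B., CHOW, J., ROSENBLUM, M., AND BONEH, D. Terra:
    A virtual machine-based platform for trusted computing. In Proceedings of
    the 19th ACM Symposium on Operating Systems Principles (SOSP 2003).},
}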


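% Virtual machine introspection for intrusion detection (Garfinkel, Rosenblum).
% month uses the predefined unquoted macro so styles can localise or abbreviate
% it; the title is joined onto one line and names use "Last, First" form.
% NOTE(review): the url has no scheme and is kept as recorded.
@inproceedings{garfinkel:vmi,
  author    = {Garfinkel, Tal and Rosenblum, Mendel},
  title     = {A Virtual Machine Introspection Based Architecture for Intrusion Detection},
  booktitle = {Proc. Network and Distributed Systems Security Symposium},
  month     = feb,
  year      = {2003},
  url       = {citeseer.ist.psu.edu/garfinkel03virtual.html},
}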


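% VMM-based sensors for honeypot monitoring (Asrigo, Litty, Lie). Per the
% abstract, moving the monitor into privileged VMM code lowers overhead but
% enlarges the trusted computing base.
% The doi field now holds the bare DOI without the resolver prefix.
% NOTE(review): booktitle is inherited through crossref from ACM:2006:VPS, and
% ack-nhfb is a string macro; neither definition is visible in this part of
% the file. Classic BibTeX needs the parent entry to appear after this one,
% and an undefined macro expands to empty text with only a warning.
@inproceedings{VEE06,
  author          = {Asrigo, Kurniadi and Litty, Lionel and Lie, David},
  title           = {Using {VMM}-based sensors to monitor honeypots},
  crossref        = {ACM:2006:VPS},
  year            = {2006},
  doi             = {10.1145/1134760.1134765},
  pages           = {13--23},
  abstract        = {Virtual Machine Monitors (VMMs) are a common tool for
                 implementing honeypots. In this paper we examine the
                 implementation of a VMM-based intrusion detection and
                 monitoring system for collecting information about
                 attacks on honeypots. We document and evaluate three
                 designs we have implemented on two open-source
                 virtualization platforms: User-Mode Linux and Xen. Our
                 results show that our designs give the monitor good
                 visibility into the system and thus, a small number of
                 monitoring sensors can detect a large number of
                 intrusions. In a three month period, we were able to
                 detect five different attacks, as well as collect and
                 try 46 more exploits on our honeypots. All attacks were
                 detected with only two monitoring sensors. We found
                 that the performance overhead for monitoring such
                 intrusions is independent of which events are being
                 monitored, but depends entirely on the number of
                 monitoring events and the underlying monitoring
                 implementation. The performance overhead can be
                 significantly improved by implementing the monitor
                 directly in the privileged code of the VMM, though at
                 the cost of increasing the size of the trusted
                 computing base of the system.},
  acknowledgement = ack-nhfb,
  bibdate         = {Sat Oct 14 13:49:31 2006},
}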

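% Paladin: rootkit detection and containment (Baliga, Chen, Iftode).
% The digits glued to the author names were affiliation markers from the
% paper's title block and are removed so the surnames parse correctly.
% Retyped from inproceedings to misc because neither booktitle nor year is
% recorded here, and both are required for inproceedings.
% TODO: add venue and year, then restore the specific entry type.
@misc{paladin,
  author = {Baliga, Arati and Chen, Xiaoxin and Iftode, Liviu},
  title  = {Paladin: Automated Detection and Containment of Rootkit Attacks},
}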

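% Siren: catching evasive malware (Borders, Zhao, Prakash), short paper.
% The exporter's placeholder values, journal "sp" and volume "0", are replaced:
% the entry is now inproceedings with the venue written out, the page range
% uses a double hyphen, and doi holds the bare DOI.
% NOTE(review): venue expanded from the "sp" abbreviation and the SP.2006 DOI
% suffix; confirm the exact proceedings title on the DOI landing page.
@inproceedings{siren,
  author    = {Borders, Kevin and Zhao, Xin and Prakash, Atul},
  title     = {Siren: Catching Evasive Malware (Short Paper)},
  booktitle = {{IEEE} Symposium on Security and Privacy},
  year      = {2006},
  issn      = {1081-6011},
  pages     = {78--85},
  doi       = {10.1109/SP.2006.37},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
}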

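% Protecting sensitive files on a compromised system (Zhao, Borders, Prakash).
% doi holds the bare DOI, not a resolver URL; names use "Last, First" form.
@inproceedings{protSensFiles,
  author    = {Zhao, Xin and Borders, Kevin and Prakash, Atul},
  title     = {Towards Protecting Sensitive Files in a Compromised System},
  booktitle = {SISW '05: Proceedings of the Third IEEE International Security in Storage Workshop (SISW'05)},
  year      = {2005},
  isbn      = {0-7695-2537-7},
  pages     = {21--28},
  doi       = {10.1109/SISW.2005.17},
  publisher = {IEEE Computer Society},
  address   = {Washington, DC, USA},
}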

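 % Wikipedia article on hypervisors, pinned to one revision through the oldid
 % parameter, so the cited text is reproducible.
 % The url field holds the raw address; url-aware styles add the url macro
 % themselves and would otherwise wrap it twice. The corporate author is
 % double-braced so it is treated as one indivisible name.
 @misc{wiki:hypervisor,
   author = {{Wikipedia}},
   title  = {Hypervisor --- {Wikipedia}{,} The Free Encyclopedia},
   year   = {2007},
   url    = {http://en.wikipedia.org/w/index.php?title=Hypervisor&oldid=142674472},
   note   = {[Online; accessed 7-July-2007]},
 }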

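% Xen and the art of virtualization (Barham et al.), SOSP 2003.
% The conference site moves from location to venue: biblatex treats address
% and location as the same field, so carrying both made the publisher city and
% the conference site collide. Classic styles ignore either field name.
% doi holds the bare DOI; Xen is brace-protected against style recasing.
@inproceedings{XenArtOfVirt,
  author    = {Barham, Paul and Dragovic, Boris and Fraser, Keir and Hand, Steven and Harris, Tim and Ho, Alex and Neugebauer, Rolf and Pratt, Ian and Warfield, Andrew},
  title     = {{Xen} and the art of virtualization},
  booktitle = {SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles},
  year      = {2003},
  isbn      = {1-58113-757-5},
  pages     = {164--177},
  venue     = {Bolton Landing, NY, USA},
  doi       = {10.1145/945445.945462},
  publisher = {ACM Press},
  address   = {New York, NY, USA},
}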

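% Virtual Machine Security Systems (Zhao, Borders, Prakash).
% Authors were separated by commas, which BibTeX rejects as too many commas in
% one name; they are now joined with "and". "Ann Arbour" is corrected to
% "Ann Arbor" and the trailing space is dropped.
% Retyped from inproceedings to misc: no booktitle or year is recorded, and the
% only provenance on hand is the authors' department, now in howpublished.
% TODO: add venue and year, then restore the specific entry type.
@misc{VmSecSys,
  author       = {Zhao, Xin and Borders, Kevin and Prakash, Atul},
  title        = {Virtual Machine Security Systems},
  howpublished = {Department of EECS, University of Michigan},
  address      = {Ann Arbor, MI, 48109-2121, USA},
}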

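 % US-CERT Vulnerability Notes index.
 % The corporate author is double-braced; single-braced, BibTeX would parse
 % "Team" as the surname and the rest as given names. The url field holds the
 % raw address without the url macro.
 % NOTE(review): the URL is a live index rather than a fixed snapshot, so the
 % access date in note is the only record of which content was consulted.
 @misc{vuls,
   author = {{United States Computer Emergency Readiness Team}},
   title  = {{US-CERT} Vulnerability Notes},
   year   = {2007},
   url    = {http://www.kb.cert.org/vuls},
   note   = {[Online; accessed 15-July-2007]},
 }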


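% MAC-based security architecture for the Xen hypervisor (Sailer et al.).
% doi holds the bare DOI. MAC and Xen are brace-protected so sentence-casing
% styles do not lowercase them. Names use "von Last, First" form, which keeps
% the "van Doorn" particle unambiguous.
@inproceedings{sHypeXen,
  author    = {Sailer, Reiner and Jaeger, Trent and Valdez, Enriquillo and Caceres, Ramon and Perez, Ronald and Berger, Stefan and Griffin, John Linwood and van Doorn, Leendert},
  title     = {Building a {MAC}-Based Security Architecture for the {Xen} Open-Source Hypervisor},
  booktitle = {ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference},
  year      = {2005},
  isbn      = {0-7695-2461-3},
  pages     = {276--285},
  doi       = {10.1109/CSAC.2005.13},
  publisher = {IEEE Computer Society},
  address   = {Washington, DC, USA},
}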

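% Attacks on Virtual Machine Emulators (Ferrie).
% Retyped from inproceedings to misc: no booktitle is recorded, and the only
% provenance given is the issuing organisation, moved from publisher to
% howpublished with its all-capitals formatting removed.
% TODO: if a proceedings venue is confirmed, restore inproceedings and add it.
@misc{VMattacks,
  author       = {Ferrie, Peter},
  title        = {Attacks on Virtual Machine Emulators},
  howpublished = {Symantec Advanced Threat Research},
  year         = {2007},
}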


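% Analysis of rootkits: attack approaches and detection mechanisms (Shah).
% Retyped from inproceedings to misc: booktitle and year are not recorded.
% publisher and address both held the institution name (address is meant for a
% city), so the institution is stored once, in howpublished.
% TODO: add the year and the document type (report, thesis or paper) when known.
@misc{rootkits,
  author       = {Shah, Alkesh},
  title        = {Analysis of Rootkits: Attack Approaches and Detection Mechanisms},
  howpublished = {Georgia Institute of Technology},
}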



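% NIST guide to intrusion detection and prevention systems (Scarfone, Mell).
% The comma between the two authors made BibTeX read them as one person
% (surname "Karen Scarfone", given name "Peter Mell"); they are now joined
% with "and". The month moves out of year into the month macro.
% Retyped from article to techreport: no journal is recorded, and the source
% is identified as a NIST Computer Security Special Publication.
% TODO: add the publication number in the number field once confirmed.
@techreport{GuideIdps,
  author      = {Scarfone, Karen and Mell, Peter},
  title       = {Guide to Intrusion Detection and Prevention Systems ({IDPS})},
  type        = {Computer Security Special Publication},
  institution = {NIST},
  month       = feb,
  year        = {2007},
}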

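% Hypervisor-based intrusion detection (Litty).
% Retyped from article to misc: no journal or year is recorded. The department
% moves from address, which is meant for a city, to howpublished so that
% styles print it. The trailing space in the title is dropped.
% TODO: add the year and the document type (thesis or report) when confirmed.
@misc{HypID,
  author       = {Litty, Lionel},
  title        = {Hypervisor-based Intrusion Detection},
  howpublished = {Graduate Department of Computer Science, University of Toronto},
}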


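% Hypervisor malware (Davies).
% Retyped from article to misc: no journal or year is recorded. The institution
% moves from address to howpublished, with its all-capitals formatting removed
% and the padding around the title trimmed.
% NOTE(review): the leading "G" in "GTHE" looked like a stray keystroke and was
% dropped; confirm against the source document.
% TODO: add the year and the document type when confirmed.
@misc{HypMalware,
  author       = {Davies, Fionnbharr},
  title        = {Hypervisor Malware},
  howpublished = {The University of New South Wales, School of Computer Science and Engineering},
}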

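% Overview of Xen virtualization (Abels, Dhawan, Chandrasekaran).
% Authors were comma-separated and in capitals; they are now joined with "and"
% in "Last, First" form so that the style decides the casing.
% Dell Power Solutions is the periodical, so it moves from publisher to
% journal, which article requires. Xen is brace-protected against recasing.
% TODO: add the issue (month or number) and the page range.
@article{introXen,
  author  = {Abels, Tim and Dhawan, Puneet and Chandrasekaran, Balasubramanian},
  title   = {An Overview of {Xen} Virtualization},
  journal = {Dell Power Solutions},
  year    = {2005},
}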












